General

  • Target

    f815702d34fd82ad4d5a41512c19c719f715b2f6f5a1ad74b71a9b2e8e885a2b

  • Size

    131KB

  • Sample

    221204-rf14mafb45

  • MD5

    4963bf112edc67a99f4e94f1b5135ddc

  • SHA1

    a2a1602fb171d3527ccc7d9df5c91f23d59cbe9e

  • SHA256

    f815702d34fd82ad4d5a41512c19c719f715b2f6f5a1ad74b71a9b2e8e885a2b

  • SHA512

    250f023ae4a3d7c422236a1516e0c479049273d5afc1f760deab7f8a1e8347dd4865178614334471b1f88dbfebcc21d6e41fc6165ddb159e3a35ae3fd7a26790

  • SSDEEP

    3072:inHXMpxcGxFyhQ0bOqYW6Qn6RuhCmICnACTIUAf9QnwhmHn:GHmGY/o0W6Q6R8CsnVTI4wh+n

Score

8/10

Malware Config

Targets

    • Target

      GOLAYA-PHOTO.exe

    • Size

      238KB

    • MD5

      7710fc4fcea932679b40d31d409ae117

    • SHA1

      bb5dfd38943356d6c1cff6b12d32f1cb54af6d35

    • SHA256

      11abaf6a3b196588408e4d7fe8bf9a7d9b1a9b9bb3eeeb3dc2215be38f18eefa

    • SHA512

      7fb1e792e8d2533a5aa4927971249d59f25fe2fe7067b9a1dbbb71aa1a5964bd7efb75822c73ffdef9ff118982e42b870c883229fa37eee228f3d11026574b06

    • SSDEEP

      6144:MbXE9OiTGfhEClq9528TfdRoWRg+lN/JJUm:oU9XiuiJ8DRxl5

    Score

    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks